Social Networks About to Get Creepier
Welcome to the brave new world of creepy social networks. Facebook and Google want your real data. They want to lock you into their social login and social/mobile payment systems. They, or their partners want to spy on our behavior, analyze it, label us, and sell it as social verification. Worst of all, they and their sprawling empires of third party applications and advertising affiliates create vulnerabilities for users: See my NEW POST describing Covert Redirects and Perverse Incentives.
The conference I attended last week titled “User-Centric Identity Live” seems like a strange place to learn all about new identity verification technologies driven by social network surveillance that appears deeply troubling from the privacy perspective. But there it was.
Socure, Inc’s Sunil Madhu spoke from the stage or the audience in several conference sessions I attended, relentlessly promoting his vision that social networks are becoming a better source for identity verification than data brokers such as Experian, Equifax, Lexis-Nexus or Dun and Bradstreet. Given that this was a privacy-oriented conference and that I see social networks as the arch-enemy of privacy, I kept wanting to see horns sprout from Mahdu’s head – like some devil’s advocate – but no, none appeared. All in all, Madhu speaks pretty reasonably.
First, lets take a look at Socure’s web site to understand how social login verification is being sold.
“The easy availability of private information online combined with legacy authentication technologies have left businesses exposed to new fraud threats and billions of dollars in annual losses. Socure utilizes a patent pending artificial intelligence system and proprietary machine learning algorithms with social behavior pattern analysis to detect if an ID is authentic, a fraudster or a bot. Socure’s Social Biometrics solution detects fraudulent users on your web site and mobile applications using advanced machine learning algorithms.”
Socure pitches the product to financial institutions, e-commerce servides, publishers and the Internet. One point jumps out at me: “50% of new site registrations will exclusively be through social sign on by 2015, opening the flood gates for federated identity fraud.”
Socure pitches the product to financial institutions, e-commerce servides, publishers and the Internet. One point jumps out at me: “50% of new site registrations will exclusively be through social sign on by 2015, opening the flood gates for federated identity fraud.”
A New Map of Risk
These are some of the points that Socure and some speakers from Janrain made at the conference:
Facebook and other social networks are taking over the online world anyway. Ever play the board game of world conquest called “Risk”? Up came this map of social network global penetration.
Businesses online are “losing” enormous revenues to mobile transaction abandonment. According to one study, only 3% of transactions are completed on mobile devices. (Editiorial note: With the great variation in user interfaces, I’m skeptical that even an objective study could accurately distinguish between a person who’s just curious and never intended a purchase, or changed his mind about a purchase, from one who genuinely abandoned a transaction.)
But no doubt convenience is a huge driver. One web site operator confirmed that when given a choice of various identity verification options, people always picked the easiest one, which on that site was just to enter the last 4 digits of the social security number.
Facebook and Google want to become providers of social commerce and mobile payments. To take payments from the Facebook app, for example. The two companies have registered for remittance licenses in 50 states.
In order to obtain remittance licences, Madhu explains, Facebook and Google are legally required to have accurate data about people. Today, despite terms and conditions that require you to use your real data on their sites, many people don’t or they make honest mistakes. The feed’s coming from social gateways, a Janrain speaker said, have a lot of bad names.
Creepy
But per the title of this post, social networks are about to get creepier. One person in the audience said that she had received notice – I think from Google – to provide her correct birth date or be denied service.
Here’s the thing – despite Facebook’s more than 1 billion customers – there’s probably another billion or more people that want to lead private lives and prefer not to use any social networks. Many of Facebook’s billion use the network in a highly limited fashion just to see pictures of their kids but don’t like to reveal much, if anything, about themselves.
While there’s nothing wrong with the extroverts of the world opting in to a massive dependency on a single provider and allowing that provider’s technology partners to analyze all their interactions, I’m pretty sure the consensus is that no one should be forced to do this. But I’m concerned that if banks, web sites and other services don’t have a better alternative, the pressure to use social networks, give them all your real personal information and let them intrude on all your private behavior will only grow.
Alternatives
Fortunately, there are alternatives to social networks and social login, which I’ve written about elsewhere. And there are alternatives to social verification for mobile payments that could be more convenient and less invasive to privacy. One is a company called miiCard, which provides a very strong online identity verification system.
But no doubt convenience is a huge driver. One web site operator confirmed that when given a choice of various identity verification options, people always picked the easiest one, which on that site was just to enter the last 4 digits of the social security number.
Facebook and Google want to become providers of social commerce and mobile payments. To take payments from the Facebook app, for example. The two companies have registered for remittance licenses in 50 states.
In order to obtain remittance licences, Madhu explains, Facebook and Google are legally required to have accurate data about people. Today, despite terms and conditions that require you to use your real data on their sites, many people don’t or they make honest mistakes. The feed’s coming from social gateways, a Janrain speaker said, have a lot of bad names.
Creepy
But per the title of this post, social networks are about to get creepier. One person in the audience said that she had received notice – I think from Google – to provide her correct birth date or be denied service.
Here’s the thing – despite Facebook’s more than 1 billion customers – there’s probably another billion or more people that want to lead private lives and prefer not to use any social networks. Many of Facebook’s billion use the network in a highly limited fashion just to see pictures of their kids but don’t like to reveal much, if anything, about themselves.
While there’s nothing wrong with the extroverts of the world opting in to a massive dependency on a single provider and allowing that provider’s technology partners to analyze all their interactions, I’m pretty sure the consensus is that no one should be forced to do this. But I’m concerned that if banks, web sites and other services don’t have a better alternative, the pressure to use social networks, give them all your real personal information and let them intrude on all your private behavior will only grow.
Alternatives
Fortunately, there are alternatives to social networks and social login, which I’ve written about elsewhere. And there are alternatives to social verification for mobile payments that could be more convenient and less invasive to privacy. One is a company called miiCard, which provides a very strong online identity verification system.
Related posts
- Dark Lords of the Internet
- Covert O-Auth Redirects and Perverse Incentives
- Social Login Systems May Share too Much
- Mastering Facebook’s Convoluted Security and Privacy Settings